Project

General

Profile

Feature #1337

VLANs with different MAC address than parent interface

Added by Ermal Luçi over 9 years ago. Updated about 2 months ago.

Status:
Assigned
Priority:
Normal
Assignee:
Renato Botelho
Category:
Interfaces
Target version:
2.5.0
Start date:
03/08/2011
Due date:
% Done:

0%

Estimated time:

Description

In FreeBSD it is possible to host an vlan(4) with a different mac address from the parent.
This needs the parent interface in promiscuous mode, which at present days is not much of a issue.

Linked report here http://forum.pfsense.org/index.php/topic,34094.0.html.

Possibly an option should be given to people activate this issue.

Associated revisions

Revision 4cd8424a (diff)
Added by Renato Botelho about 2 years ago

Revert ticket #1337

FreeBSD is not happy with simple set VLAN to use a different MAC
address. Revert it for now and prevent users to change VLAN interface
MAC address.

History

#1 Updated by Chris Buechler over 4 years ago

  • Subject changed from Vlan with different mac address than parent interface to VLANs with different MAC address than parent interface

#2 Updated by Renato Botelho about 2 years ago

  • Status changed from New to This Sprint
  • Assignee set to Renato Botelho
  • Target version set to 2.4.4

#3 Updated by Renato Botelho about 2 years ago

  • Status changed from This Sprint to Feedback

#4 Updated by Steve Beaver about 2 years ago

  • Status changed from Feedback to This Sprint

James Dekker [6:49 PM]
With SG-5100 and XG-2758 on `2.4.4.a.20180824.1144` (which isn't the latest build, but should include whatever the fix was on `1337`) .. added a VLAN, assigned it as an interface with a static IP on both appliances, enabled the parent interface (no IP set, just enabled so the VLANs could use the interfaces) ... added a allow any rule on the VLAN interface on both pfSense. From either pfSense, I could ping the other. Then on one, I spoofed the VLAN interface mac as `DE:AD:BE:EF:CA:FE`, went to ping and now it fails. Remove the spoofed MAC, pings succeed again.

I his a valid test?

#5 Updated by Renato Botelho about 2 years ago

  • Status changed from This Sprint to In Progress

#6 Updated by Renato Botelho about 2 years ago

  • Status changed from In Progress to Assigned
  • Target version changed from 2.4.4 to 48

#7 Updated by Jim Pingle over 1 year ago

  • Target version changed from 48 to 2.5.0

#8 Updated by Wik Joh about 2 months ago

It's possible to do this by editing /etc/inc/interfaces.inc and adding the lines below, but it would be nice if it could be done through the UI.

mwexec("/sbin/ifconfig igb0 promisc");
mwexec("/sbin/ifconfig igb0.10 promisc");
mwexec("/sbin/ifconfig igb0.10 ether 00:aa:bb:cc:dd:ee");

#9 Updated by Luiz Souza about 2 months ago

I'm not sure that setting the interface in promiscuous mode is the right thing to do here. There will be performance issues (no more HW filtering).

Please advance with caution.

Also available in: Atom PDF